SNMP Information
What is SNMP?
SNMP stands for the Simple Network Management Protocol. At its heart, SNMP is a set of rules that allows a computer to get statistics from another computer across the Internet.
Computers track various statistics that measure what they are doing. For example, routers can track the number of bytes, packets, and errors that are transmitted and received on each interface (port). Web servers might keep a tally of the number of hits they receive. Other kinds of equipment have configuration information that is available through SNMP.
Management Information Base (MIB)
Each of these pieces of information (packet statistics, page hits, configuration) is kept in a database described by a Management Information Base (a MIB, in SNMP parlance). There are many different MIBs, describing many different aspects of a computer's operation.
MIB Variables and OIDs (Object Identifiers)
The various values that can be retrieved from a MIB are called MIB variables. These variables are defined in the MIB for a device. Each MIB variable is named by an Object Identifier (OID), which usually has a name in the form of numbers separated by periods ("."). For example,
1.3.6.1.xxxx.x.x.x.x...
For example, the MIB-II (pronounced MIB two) has a variable that indicates the number of interfaces (ports) in a router. It is called the ifNumber and the OID is 1.3.6.1.2.1.2.1.0
Intermapper can query a device for the MIB variables and display the results. When a device receives a SNMP Get-Request for this ifNumber OID, it responds with the count of interfaces.
The trailing .0 in the example above is technically part of the OID. Although you often see OIDs written without it, Intermapper requires that it is present wherever you enter an OID.
Enterprise Numbers and OIDs
You might notice that most OIDs start with 1.3.6.1.x. If the 6th number is 4, the OID is generated by a private enterprise. The 7th number is the Enterprise number, assigned to the organization by the IANA as defined in http://www.iana.org/assignments/enterprise-numbers.
The remaining numbers are generated by and under the control of the registered enterprise.
What is the 'Read-only Community String'?
The SNMP Read-Only Community String is like a password. It is sent along with each SNMP Get-Request and allows (or denies) access to the device. Most network vendors ship their equipment with a default password of public. (This is the so-called default public community string.) Many network administrators change the community string to keep intruders from getting information about the network setup. This is a good idea. Even if it is only read-access, SNMP can divulge a lot of information about the network that could be used to compromise it.
If there is a read-only community string, you might expect that there is a Write community string. You are correct. There is also a SNMP Set-Request, which is a command to set certain SNMP MIB variables (for example, certain OIDs) to a specified value. These writes are protected by the write community string (which should never be set to public). Many SNMP-speaking devices also have IP address filters that ignore requests (read and write) unless the source address is on an access list.
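The checks described above (default community strings, write access, source address filters) can be audited on the agent side. The following is an added example, not Intermapper code; it assumes the agent is net-snmp configured through snmpd.conf community directives, and the sample configuration is constructed:

```python
# Added example: flag risky community settings in a net-snmp snmpd.conf.
DEFAULT_STRINGS = {"public", "private"}      # widely known vendor defaults
ACCESS = {"rocommunity": "read", "rocommunity6": "read",
          "rwcommunity": "write", "rwcommunity6": "write"}


def community_entry(tokens):
    """Return (access, community, source) for a community line, else None."""
    name, args = tokens[0], tokens[1:]
    if name in ACCESS and args:
        # rocommunity COMMUNITY [SOURCE ...]; no SOURCE means any client
        return ACCESS[name], args[0], args[1] if len(args) > 1 else "default"
    if name in ("com2sec", "com2sec6"):
        if args[:1] == ["-Cn"]:              # optional "-Cn CONTEXT" pair
            args = args[2:]
        if len(args) >= 3:                   # SECNAME SOURCE COMMUNITY
            return "mapped", args[2], args[1]
    return None


def audit_snmpd_conf(text):
    """Return a list of (line_number, issue) tuples for risky entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments, tokenize
        entry = community_entry(tokens) if tokens else None
        if entry is None:
            continue
        access, community, source = entry
        if community.lower() in DEFAULT_STRINGS:
            issue = "default community string"
            if access == "write":
                issue += " with write access"
            findings.append((lineno, issue))
        if source == "default":
            findings.append((lineno, "no source address restriction"))
    return findings


# Constructed sample configuration (addresses are documentation ranges).
SAMPLE_CONF = """\
rocommunity public
rwcommunity private 192.0.2.0/24
rocommunity n0t-a-default 192.0.2.10
com2sec -Cn ctx1 readonly default public
"""

if __name__ == "__main__":
    for lineno, issue in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {issue}")
```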
There is also a SNMP Trap, which is an unsolicited message from a device to an SNMP console (for example, Intermapper) that the device is in an interesting state. Traps might indicate power-up or link-up/down conditions, temperatures exceeding certain thresholds, high traffic, and so on. Traps provide an immediate notification for an event that might otherwise be discovered only during occasional polling.
Why can't I get SNMP information from a device?
Intermapper requires that SNMP is available and configured to display traffic information. The most common cause of not being able to see traffic is that you have not entered the SNMP Read-only community string. (This is like a password that controls whether another computer can retrieve SNMP information.)
In order of simplest to most complex, here is a list of reasons that Intermapper might not get SNMP information from a device:
- Wrong DNS name/IP address - Not likely, but we have to mention it.
- No connectivity - Can you ping the device from Intermapper?
- No SNMP agent on the device - Many devices or computers have optional SNMP capabilities that must be installed separately.
- Is the SNMP agent disabled? - Many devices allow you to disable the SNMP capability totally, or from certain ports.
- If the SNMP agent is based on the net-snmp or UCD-snmp package - Ensure that the configuration file specifically lists Intermapper's IP address/subnet as an allowed client.
- In a custom probe, have you specified the OID properly? - For more information, see the OID Format FAQ.
- Wrong Community string - Have you tried public?
- Access lists: does the equipment only allow SNMP access from certain addresses?
- Firewalls: does a firewall block the SNMP port between your macOS computer and the equipment?
- Bugs in the SNMP agent on the equipment - Intermapper uses SNMP Get-Next-Requests in several places. We see certain equipment that fails when queried this way.
If you are sure that you checked all of these things and you still cannot get SNMP information, contact us at support@Intermapper.com. We might have some tricks up our sleeves. (Or we might wind up learning something.)
How can Intermapper query a particular MIB variable?
There are two kinds of MIB variables: scalar values and table entries.
- Scalars have a single value, such as the interface number shown above. For example, the ifNumber MIB variable of a router is a single number that represents the total number of its interfaces (ports).
- Table values, on the other hand, provide the same pieces of information for different items, such as the traffic for each router port or information about each of the TCP connections in a device.
Intermapper can read and display both scalar variables and table variables in its custom SNMP probes.
Scalar values must have a .0 suffix in their OIDs. For example, the OID for ifNumber in MIB-II is often written as 1.3.6.1.2.1.2.1. In custom probe files, it should be represented as 1.3.6.1.2.1.2.1.0. (This .0 is technically part of the OID, although it is convenient not to write it.)
Table variables are generally suffixed with the index of the row. (This is not always true, see the note below). For example, the Cisco Environment Monitoring MIB defines two variables for the input air temperature and input voltage as the first rows in each of these tables:
ciscoEnvMonTemperatureStatusValue 1.3.6.1.4.1.9.9.13.1.3.1.3
ciscoEnvMonVoltageStatusValue 1.3.6.1.4.1.9.9.13.1.2.1.3
If you add a suffix .1 to each of these, you get the value of the first row. If you add .2 as a suffix, you get the second row, and so on.
Do all tables have an index?
As noted above, some tables do not have a separate index column. These rows are named by (their OIDs are specified by) data in the row. For example, the OID for the tcpConnState row, the status of a particular TCP connection, is 1.3.6.1.2.1.6.13.1.1. Its index is the source and destination IP address and port (all four values), which are appended to the tcpConnState OID. Thus, the full OID for the state of a TCP connection from 9.8.7.6 port 543 to 123.45.67.89 port 8765 is:
1.3.6.1.2.1.6.13.1.1.9.8.7.6.543.123.45.67.89.8765
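The OID layouts described in the sections above (the 1.3.6.1.4.1 private enterprise prefix and the tcpConnState row index) can be decoded mechanically. This is an added example, not Intermapper code; the function names are hypothetical and the OIDs are the ones quoted on this page:

```python
# Added example: classify an OID and decode a tcpConnState table index.
ENTERPRISE_PREFIX = (1, 3, 6, 1, 4, 1)              # private enterprise subtree
TCP_CONN_STATE = (1, 3, 6, 1, 2, 1, 6, 13, 1, 1)    # tcpConnState column


def parse_oid(text):
    """Turn '1.3.6.1...' (optional leading dot) into a tuple of ints."""
    parts = text.strip().lstrip(".").split(".")
    if any(not (p.isascii() and p.isdigit()) for p in parts):
        raise ValueError(f"not a numeric OID: {text!r}")
    return tuple(int(p) for p in parts)


def enterprise_number(oid):
    """Return the IANA enterprise number, or None for non-enterprise OIDs."""
    n = len(ENTERPRISE_PREFIX)
    if len(oid) > n and oid[:n] == ENTERPRISE_PREFIX:
        return oid[n]                                # the 7th number
    return None


def _endpoint(values):
    """Format five sub-identifiers as (dotted address, port)."""
    if any(v > 255 for v in values[:4]) or values[4] > 65535:
        raise ValueError("index value out of range")
    return ".".join(str(v) for v in values[:4]), values[4]


def decode_tcp_conn_index(oid):
    """Split a tcpConnState instance OID into its two (address, port) pairs."""
    n = len(TCP_CONN_STATE)
    index = oid[n:]
    # four address octets plus one port, twice: 10 sub-identifiers
    if oid[:n] != TCP_CONN_STATE or len(index) != 10:
        raise ValueError("not a tcpConnState instance OID")
    return _endpoint(index[:5]), _endpoint(index[5:])


if __name__ == "__main__":
    trap = parse_oid("1.3.6.1.4.1.3845.3.1.1")
    print("enterprise:", enterprise_number(trap))
    row = parse_oid("1.3.6.1.2.1.6.13.1.1.9.8.7.6.543.123.45.67.89.8765")
    print("connection:", decode_tcp_conn_index(row))
```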
Where can I read more information about SNMP?
A periodic newsletter, The Simple Times, is online at:
A great site pointing to various snmp products:
How do I interpret an unknown enterprise number?
Q: My error log file shows the following lines:
14/02 15:13:07 TRAP CITRIX1:: coldStart
14/02 15:13:07 TRAP CITRIX1:: linkUp, ifIndex = 1
14/02 15:13:07 TRAP CITRIX1:: linkUp, ifIndex = 16777219
14/02 15:14:07 TRAP CITRIX1:: 1.3.6.1.4.1.3845.3.1.1 (8) { <no variables> }
Can you tell me what that SNMP ID is? (1.3.6.1.4.1.3845.3.1.1 (8))
A: The 1.3.6.1.4.1... prefix of the OID indicates that the trap is from a private enterprise MIB. You can find out what enterprise by downloading the Enterprise Numbers RFC from the following:
http://www.iana.org/assignments/enterprise-numbers
Reading through the file indicates the following:
3845 Citrix Systems Keith Turnbull keitht@citrix.com
Contact the Citrix company (or read their MIB) to find out the exact interpretation of the trap OID.
Is there a way to scan a network for all SNMP devices?
Intermapper does a very good job of finding SNMP-speaking devices if you know the SNMP Read-only Community string of the device. Detailed instructions for scanning a subnet are available from the network scanning page. Set the default SNMP Read-only Community String as shown in the SNMP Preferences.
Intermapper might not be able to find a device for any of these reasons.
Intermapper doesn't show my xxxx device properly...
Customers sent us comments that Intermapper does not show certain kinds of equipment properly. We investigated and found a bug in the SNMP implementations of certain vendors. To determine if your equipment is susceptible to this bug, you can follow this procedure.
Intermapper uses Get-Next-Requests to retrieve data. To be more efficient, it sends several OIDs in each query. When we use the net-snmp snmpgetnext to retrieve single variables, the results come back properly. When we queue up multiple OIDs in a request, they come back wrong, in the same manner as SNMP Watcher.
First, download net-snmp from http://net-snmp.sourceforge.net. net-snmp is a highly-reliable, open-source snmp query tool and agent for Microsoft Windows. Install net-snmp as described in its documentation.
Then use net-snmp command-line tools to send Get-Next-Request queries to the device in question. For example,
# request ipAdEntAddr first, then ipAdEntifIndex
[richb@jig ~]# snmpgetnext IPADDRESS COMMUNITY ipAdEntAddr ipAdEntifIndex
ip.ipAddrTable.ipAddrEntry.ipAdEntAddr.127.0.0.1 = IpAddress: 127.0.0.1
ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.127.0.0.1 = Wrong Type (should be INTEGER): IpAddress: 127.0.0.1
# other order: ipAdEntifIndex, then ipAdEntAddr
[richb@jig ~]# snmpgetnext IPADDRESS COMMUNITY ipAdEntifIndex ipAdEntAddr
ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.127.0.0.1 = 1
ip.ipAddrTable.ipAddrEntry.ipAdEntAddr.127.0.0.1 = Wrong Type (should be IpAddress): 1
In the examples above, snmpgetnext requests two variables from the device at IPADDRESS, using the SNMP Read-only community string of COMMUNITY (substitute your values as needed). In the first case, the entity address comes before the ifIndex in the query. Both responses have the value 127.0.0.1 (the latter is incorrect). In the second example, the ifIndex precedes the entity address, and the result is 1 (again, the latter is incorrect).
If you see results like this, contact the vendor of your equipment to explain this problem and ask if a new release of firmware has a fix for it.
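The symptom shown above, a later variable in a multi-OID Get-Next response carrying the first variable's value under the wrong type, can be checked automatically when testing many devices. This is an added example, not Intermapper code; it parses the snmpgetnext output format shown in the session above, the function names are hypothetical, and the "correct" response is constructed:

```python
import re

VARBIND = re.compile(r"^(?P<oid>\S+) = (?P<rest>.*)$")
WRONG_TYPE = re.compile(
    r"^Wrong Type \(should be (?P<expected>[^)]+)\): (?P<got>.*)$")


def parse_varbind(line):
    """Parse one 'OID = [TYPE: ]value' line of snmpgetnext output."""
    m = VARBIND.match(line.strip())
    if m is None:
        return None
    rest, expected = m["rest"], None
    wrong = WRONG_TYPE.match(rest)
    if wrong:
        expected, rest = wrong["expected"], wrong["got"]
    value = rest.split(": ", 1)[-1]        # drop an optional "TYPE: " label
    return {"oid": m["oid"], "value": value, "expected": expected}


def repeated_value_varbinds(response_lines):
    """OIDs whose mistyped value merely repeats the first varbind's value."""
    varbinds = [v for v in map(parse_varbind, response_lines) if v]
    if not varbinds:
        return []
    first = varbinds[0]["value"]
    return [v["oid"] for v in varbinds[1:]
            if v["expected"] is not None and v["value"] == first]


# Output lines copied from the two snmpgetnext runs shown above.
RESPONSE_ADDR_FIRST = [
    "ip.ipAddrTable.ipAddrEntry.ipAdEntAddr.127.0.0.1 = IpAddress: 127.0.0.1",
    "ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.127.0.0.1 = "
    "Wrong Type (should be INTEGER): IpAddress: 127.0.0.1",
]
RESPONSE_INDEX_FIRST = [
    "ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.127.0.0.1 = 1",
    "ip.ipAddrTable.ipAddrEntry.ipAdEntAddr.127.0.0.1 = "
    "Wrong Type (should be IpAddress): 1",
]
# Constructed: what a correctly behaving agent would return for the first query.
RESPONSE_CORRECT = [
    "ip.ipAddrTable.ipAddrEntry.ipAdEntAddr.127.0.0.1 = IpAddress: 127.0.0.1",
    "ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.127.0.0.1 = 1",
]
```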